You can use Intrusion Detection System (IDS) policies to monitor, identify, and log traffic for known threats.
To help inform how you manage your firewall, for example, by blocking traffic using the source IP address, you can:
- Get Intrusion System Monitor alerts.
- View the information collected using the IDS logs.
Note
There are many potential alerts and log variations that may be generated. Smoothwall Support won’t interpret the messages or advise what actions to take.
Before you begin
- Check the built-in Intrusion policies and set up custom Intrusion policies if needed.
- Decide whether to log IDS data for the IDS logs:
  - Go to Services > Intrusion system > Signatures.
  - Select the Use syslog for Intrusion logging checkbox.
  - Select Save.
Turn IDS on or off
You can choose whether IDS is on. When it is on, IDS records logs and sends you alerts on intrusion threats.
- Go to Services > Intrusion system > IDS.
- Select the Enabled checkbox to turn IDS on.
- Select Save changes.
Create an IDS policy
- Select Add new IDS policy.
- Ensure Enabled is selected.
- Select the Interface to apply the policy to:
  - All internal interfaces
  - All external interfaces
  - Select a specific interface
- For Policy, select one or more policies.
- (Optional) Enter a Comment.
- Select Add.
Edit IDS policies
To edit policies:
- Hover over the policy.
- Select Edit.
- Change any fields as needed.
- Select Save changes.
To stop a policy from applying but keep it in the list:
- Hover over the policy.
- Select Edit.
- Clear the Enabled checkbox.
- Select Save changes.
Delete IDS policies
To delete a single policy:
- Hover over the policy.
- Select Delete.
To delete multiple policies:
- Select the checkbox:
  - Next to the Interface column to select all objects.
  - Next to each row.
- Select the Delete button.